Chapter 7 Introduction to TCP/IP Understanding TCP/IP • Networking protocols are a lot like human languages in that they are the language that computers speak when talking to each other • Just like humans, computers can understand and use multiple languages. • One-time networking giant Novell had IPX/SPX. Microsoft developed NetBEUI. • The one protocol suite that has survived is TCP/IP Understanding TCP/IP • A protocol is a set of rules that govern communications, much like a language in human terms. • TCP/IP suite is a collection of different protocols that work together to deliver connectivity • Sockets vs NETBT – Sockets require IP address and Ports to enter the TCP/IP stack while Netbios Transmissions can work with a service (only) on the server with no need for specific ports. TCP/IP Structure • While the protocol suite is named after two of its hardest-working protocols, Transmission Control Protocol (TCP) and Internet Protocol (IP), TCP/IP actually contains dozens of protocols working together to help computers communicate with one another. • If you want to ensure that the packets are delivered from one computer to another, TCP/IP can do that. If speed is more important than guaranteed delivery, then TCP/IP can ensure that too. DOD Model • TCP/IP is the protocol used on the Internet. • The structure of TCP/IP is based on a model similar to OSI model that was created by the United States Department of Defense; that is, the Department of Defense (DOD) model. DOD Model DOD Model Protocols/Components Summary DOD Model Process/Application Layer • The majority of TCP/IP protocols are located at the Process/Application layer. These include some protocols with which you may already be familiar, such as Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), Simple Mail Transfer Protocol (SMTP), Post Office Protocol (POP), and others. DOD Model Host to Host Layer • At the Host-to-Host layer, there are only two protocols: TCP and User Datagram Protocol (UDP). Most applications will use one or the other to transmit data, although some can use both but will do so for different tasks. DOD Model Internet Layer • The most important protocol at the Internet layer is IP - the backbone of TCP/IP. • Other protocols at this layer work in conjunction with IP, such as Internet Control Message Protocol (ICMP) and Address Resolution Protocol (ARP). DOD Model Network Access Layer • Network Access layer doesn’t have any protocols as such. This layer describes the type of network access method that you are using, such as Ethernet, Wi-Fi, Fiber Distributed Data Interface, or others. Process/Application Layer Process/Application Layer • HTTP – Port 80 - (HyperText Transfer Protocol) - lets the client (web browser) ask the web server for a page, and the web server would return it. It is plain text and therefore not secure • HTTPS - Port 443 - To encrypt traffic between a web server and client securely, Hypertext Transfer Protocol Secure (HTTPS) can be used. HTTPS connections are secured using either Secure Sockets Layer (SSL) or Transport Layer Security (TLS). • AFP – Port 548 - (Apple File Protocol) is a file transfer protocol similar to FTP and Server Message Block (SMB). It was the default file transfer protocol on Mac OS until Apple changed to SMB2 in 2013. Converting to the industry-standard SMB protocol helped enhance interoperability between Macs and PCs Syntax - afp://myserver.mydomain.com/Sharepoint/Folder smb://[<domain>;][<username>:<password>@]<hostname>[:<port>]/<sharename Process/Application Layer • CIFS (Common Internet File System) UDP ports 137 and 138, and TCP ports 139 and 445. CIFS is a Microsoft-developed enhancement of the SMB protocol. The intent behind CIFS is that it can be used to share files and printers between computers, regardless of the operating system that they run. • DHCP – Port 67,68(Dynamic Host Configuration Protocol (DHCP) dynamically assigns IP addresses and other IP configuration information to network clients. • DNS (Domain Name System) ..UDP port 53. Its purpose is to resolve hostnames (www.google.com) to IP addresses (172.217.1.238). Process/Application Layer • FTP - Port 20, 21 - (File Transfer Protocol ) is optimized to do what it says it does—transfer files. This includes both uploading and downloading files from one host to another. FTP is both a protocol and an application. • If you are using a browser such as Internet Explorer, Chrome, or Firefox, to connect via FTP, the correct syntax in the address window is ftp://username:password@ftp.ftpsite.com. Process/Application Layer • IMAP - Port 143 (Internet Message Access Protocol) is a secure protocol designed to download email. • Its current version is version 4, or IMAP4. It’s the client-side email management protocol of choice, having replaced the unsecure POP3. Most current email clients, such as Microsoft Outlook and Gmail, are configured to be able to use either IMAP4 or POP3. • 2 Advantages over POP3, IMAP4 works in connected and disconnected modes. As soon as another email enters the inbox, IMAP4 notifies the email client, which can then download it • Secondly, it also lets you store the email on the server, as opposed to POP3, which requires you to download it. Process/Application Layer • LDAP – Port 389 -(Lightweight Directory Access Protocol ) is a directory services protocol that provides access to LDAP directory or LDAP database or simply your network’s phone book. Use X500 databases services such as Active Directory, Apple OpenDirectory, OpenLDAP (open source) • POP3 – Port 110 -(Post Office Protocal) was the preferred protocol for downloading email until it was replaced by IMAP4 with increased security and more features • RDP – Port 3389 -Developed by Microsoft, the Remote Desktop Protocol (RDP) allows users to connect to remote computers and run programs on them. Passes keyboard and mouse activity on to the remote user. Has to be enabled. Process/Application Layer • SFTP – port 22 via SSH- The Secure File Transfer Protocol (SFTP) is used as an alternative to FTP when you need to transfer files over a secure, encrypted connection • SMB – Port 145 - Server Message Block (SMB) - (aka Samba) is a protocol originally developed by IBM but then enhanced by Microsoft, IBM, Intel, and others. It’s used to provide shared access to files (like FTP) and also, printers, and other network resources. • SMTP – Port 25 - (Simple Mail Transfer Protocol (SMTP) is the protocol most commonly used to only send email messages. Because it’s designed to send only, it’s referred to as a push protocol Process/Application Layer • SNMP – Port 161 - (Simple Network Management Protocol (SNMP) gathers and manages network performance information. SNMP agent installed on routers or servers and tool used to gather information such as status, connectivity etc. Used for management • SSH – Port 22 - Secure Shell (SSH) can be used to set up a secure Telnet session for remote logins or for remotely executing programs and transferring files. • Telnet – Port 23 - Someone using Telnet can log into another machine and “see” the remote computer in a window on their screen. This vision is text only and therefore unsecure since passwords and usernames are sent in text format (unencrypted). It’s normally used to connect to routers for example that don’t have graphical interface Host to Host Layer Host-to-Host Layer • TCP and UDP • TCP guarantees packet delivery through virtual circuits and data acknowledgements and thus is referred to as connection-oriented; UDP is not (connectionless). • TCP and UDP use port numbers to keep track of these conversations and make sure that the data gets to the right application and right end user. E.g . HTTP uses Port 80 (Table 7.1) • Post office analogy – TCP requires return receipt while UDP is like fast class mail that is sent with no return receipt Internet Layer Internet Layer Protocols • IP (Internet Protocol) – the MAIN protocol. It’s responsible for managing logical network addresses and ultimately getting data from point A to point B • Supporting protocols are: • ICMP Internet Control Message Protocol (ICMP) is responsible for delivering error messages. E.g. ping utility, utilizes ICMP to send and receive packets. • ARP Address Resolution Protocol (ARP) resolves logical IP addresses to physical MAC addresses built into network cards. • RARP Reverse ARP (RARP) resolves MAC addresses to IP addresses. Understanding IP Addressing • Each device needs to have a unique IP address • Any device with an IP address is referred to as a host • As an administrator, you can assign the host’s IP configuration information manually, or you can have it automatically assigned by a DHCP server. IPv4 • It’s a 32-bit hierarchical address that identifies a host on the network e.g. 192.168.111.10 • Each of the numbers in this example represents 8 bits (or 1 byte) of the address, also known as an octet. • The numbers at the beginning of the address identify groups of computers that belong to the same network; IP is hierarchical and not flat. Understanding Binary (see fig. 7.3) • IP address is in 4 octets, in dotted decimal notation e.g. 192.168.111.120 • A binary bit is a value with two possible states: on equals 1 and off equals 0 • When you’re working with IPv4 addressing, all numbers will be between 0 and 255. • If all of the bits in an octet are off, or 00000000, the corresponding decimal value is 0. If all bits in an octet are on, you would have 11111111, which is 255 in decimal. Understanding Binary (see fig. 7.3) For example, 10000001 is equal to 129 (128 + 1), and 00101010 is equal to 42 (32 + 8 + 2). **Conversion from Binary to Decimal up to 255 is required Parts of the IP Address • • • • Each IP address is made up of two components: the network ID and the host ID Neither the network ID nor the host ID can be set to all 0s Neither the network ID nor the host ID can be set to all 1s Computers are able to differentiate where the network ID ends and the host address begins through the use of a subnet mask. This is a value written just like an IP address and may look something like 255.255.255.0 • When setting bits to 1 in a subnet mask, you always have to turn them on sequentially from left to right, so that the bits representing the network address are always contiguous and come first. The rest of the address will be the host ID • Therefore if subnet mask 255.255.255.0 is used on IP 192.168.111.10, 192.168.111 is the Network ID and 10 is the host ID IPv4 Address Classes • Are based on the first 3 bits • Classes determine 1. How many networks of each class exist (2𝑛) where n = #of bits used 2. How many unique addresses a network can accommodate (2𝑛 -2) IPv4 Address Classes Class A • First Octet 1-127 - PS: the first Octet determines the class • Subnet Mask is 255.0.0.0 (8bits used for network portion and 24 bits for host) • Using the formula 2𝑛 = 27 = 128 networks but because 0 and 127 are reserved = 126 Networks (first bit is 0 that’s why we use 7) • Using the formula 2𝑛 -2 = 224 -2 = 16,777,214 network hosts/IP addresses available • ISP’s have class A addresses but this is not viable for standard networks. How realistic is it that one company will have that many hosts? • Address 127 is reserved and used as loopback address (ch12) Class B • First Octet – 128-191 • Subnet Mask 255.255.0.0 (16bits used for network portion and 16 bits for host) aka Class 16 • 214 = 16, 384 networks • 216 -2 = 65, 534 hosts/IP addresses Class C • • • • • • 192 – 223 Subnet Mask 255.255.255.0 (24 bits for network and 8 bits for hosts) Aka class 24 221 = 2, 097, 152 networks 28 – 2 = 254 Hosts on each network Most companies use class C with few networks still available Classless Inter-domain Routing (CIDR) • Provide additional flexibility allowing additional Subnet masks • Not limited to the 3 default subnet masks we’ve looked at • Example - Class A default mask of 255.0.0.0, is 11111111.00000000.00000000.00000000 in binary • CIDR allows you to use a mask of 255.240.0.0 (11111111.11110000.00000000.00000000) • The above is called Variable Length Subnet Mask (VLSM) DHCP and DNS • A DHCP server is configured to provide IP configuration information to clients automatically, in what is called a lease (not permanent). • IP address, Subnet Mask, Default Gateway and DNS address are issued in the lease • DHCP ready Client sends DHCP DISCOVER requesting a DHCP server • DHCP server return the above configuration • Static IP address – entered by administrator DHCP and DNS • DNS has one function on the network, and that is to resolve hostnames to IP addresses • Ping www.google.com gives an IP of 72.14.205.104. You type the www address instead of the IP. • DNS matches or resolves the two • On an intranet (local network), it resolves PC names to their IP addresses. It has a database with host-to-IP data Public vs Private IP Addresses • Public - All of the addresses that are used on the Internet (unique worldwide) • Private – Designed for private networks and are not routable to the internet (infinite) • NAT (Network Address Translation) – Problem with globally non-unique private IP address means companies would have conflicts accessing the internet. NAT resolves this problem by translating non-routable private IP address into public IP addresses APIPA • Automatic Private IP Addressing (APIPA) is a TCP/IP standard used to automatically configure IP-based hosts that are unable to reach a DHCP server. • If your cable gets disconnected you get an APIPA • AKA zero configuration networking or address autoconfiguration • TCP/IP network can run with no configuration at all – therefore devices with APIPA and on the same LAN can talk, share printers etc. IPv6 • IPv4 = 32 bit, 232 = 4GB or 4 billion addresses worth of combinations (7.8 billion people have surpassed this) • We each have multiple individual devices with IP addresses • IPv6 provides 128 bit addresses, 264 – Astronomical number of networks 16Billion Billion) • Hexadecimal values; 4 binary bits (1111) makes a hexadecimal value IPv6 • Longer - 16 bit fields each with 4 hexadecimals separated by colons
